@@ -14,6 +14,10 @@ import (
1414 "github.com/go-openapi/runtime"
1515)
1616
17+ type principalType struct {
18+ Name string
19+ }
20+
1721type countAuthenticator struct {
1822 count int
1923 applies bool
@@ -40,18 +44,28 @@ var (
4044 noApplyAuth = runtime .AuthenticatorFunc (func (_ any ) (bool , any , error ) {
4145 return false , nil , nil
4246 })
47+ successAuthWithPointer = runtime .AuthenticatorFunc (func (_ interface {}) (bool , interface {}, error ) {
48+ return true , & principalType {Name : "the user" }, nil
49+ })
50+ failAuthWithPointer = runtime .AuthenticatorFunc (func (_ interface {}) (bool , interface {}, error ) {
51+ var typedPrincipal * principalType
52+ return true , typedPrincipal , errors .New ("unauthenticated" )
53+ })
54+ failAuthWithNilPointer = runtime .AuthenticatorFunc (func (_ interface {}) (bool , interface {}, error ) {
55+ var typedPrincipal * principalType
56+ return true , typedPrincipal , nil
57+ })
4358)
4459
4560func TestAuthenticateSingle (t * testing.T ) {
4661 ra := RouteAuthenticator {
4762 Authenticator : map [string ]runtime.Authenticator {
48- "auth1" : successAuth ,
63+ "auth1" : successAuthWithPointer ,
4964 },
5065 Schemes : []string {"auth1" },
5166 Scopes : map [string ][]string {"auth1" : nil },
5267 }
5368 ras := RouteAuthenticators ([]RouteAuthenticator {ra })
54-
5569 require .FalseT (t , ras .AllowsAnonymous ())
5670
5771 req , _ := http .NewRequestWithContext (context .Background (), http .MethodGet , "/" , nil )
@@ -64,6 +78,68 @@ func TestAuthenticateSingle(t *testing.T) {
6478 require .Equal (t , ra , * route .Authenticator )
6579}
6680
81+ func TestAuthenticateWrong (t * testing.T ) {
82+ t .Run ("with principal as a pointer to a concrete type" , func (t * testing.T ) {
83+ t .Run ("should authenticate" , func (t * testing.T ) {
84+ ra := RouteAuthenticator {
85+ Authenticator : map [string ]runtime.Authenticator {
86+ "auth1" : successAuthWithPointer ,
87+ },
88+ Schemes : []string {"auth1" },
89+ Scopes : map [string ][]string {"auth1" : nil },
90+ }
91+ ras := RouteAuthenticators ([]RouteAuthenticator {ra })
92+
93+ require .False (t , ras .AllowsAnonymous ())
94+
95+ req , _ := http .NewRequestWithContext (context .Background (), http .MethodGet , "/" , nil )
96+ route := & MatchedRoute {}
97+ ok , prin , err := ras .Authenticate (req , route )
98+ require .NoError (t , err )
99+ require .True (t , ok )
100+ require .EqualValues (t , & principalType {Name : "the user" }, prin )
101+ })
102+ t .Run ("should not authenticate" , func (t * testing.T ) {
103+ ra := RouteAuthenticator {
104+ Authenticator : map [string ]runtime.Authenticator {
105+ "auth1" : failAuthWithPointer ,
106+ },
107+ Schemes : []string {"auth1" },
108+ Scopes : map [string ][]string {"auth1" : nil },
109+ }
110+ ras := RouteAuthenticators ([]RouteAuthenticator {ra })
111+
112+ require .False (t , ras .AllowsAnonymous ())
113+
114+ req , _ := http .NewRequestWithContext (context .Background (), http .MethodGet , "/" , nil )
115+ route := & MatchedRoute {}
116+ ok , prin , err := ras .Authenticate (req , route )
117+ require .Error (t , err )
118+ require .True (t , ok )
119+ require .Nil (t , prin )
120+ })
121+ t .Run ("should yield nil principal" , func (t * testing.T ) {
122+ ra := RouteAuthenticator {
123+ Authenticator : map [string ]runtime.Authenticator {
124+ "auth1" : failAuthWithNilPointer ,
125+ },
126+ Schemes : []string {"auth1" },
127+ Scopes : map [string ][]string {"auth1" : nil },
128+ }
129+ ras := RouteAuthenticators ([]RouteAuthenticator {ra })
130+
131+ require .False (t , ras .AllowsAnonymous ())
132+
133+ req , _ := http .NewRequestWithContext (context .Background (), http .MethodGet , "/" , nil )
134+ route := & MatchedRoute {}
135+ ok , prin , err := ras .Authenticate (req , route )
136+ require .NoError (t , err )
137+ require .True (t , ok )
138+ require .Nil (t , prin )
139+ })
140+ })
141+ }
142+
67143func TestAuthenticateLogicalOr (t * testing.T ) {
68144 ra1 := RouteAuthenticator {
69145 Authenticator : map [string ]runtime.Authenticator {
0 commit comments